Snap for 9679998 from f26642ba30e5042f726eaf95710ba950b8c9229e to sdk-release
Change-Id: Ia31c07971bade725d0a55009f08a8df4e1ba230d
diff --git a/Android.bp b/Android.bp
index 14c58d8..0e282d6 100644
--- a/Android.bp
+++ b/Android.bp
@@ -405,11 +405,16 @@
"boringssl_flags",
],
cflags: [
- "-DOPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED",
"-DOPENSSL_SMALL",
"-DOPENSSL_NO_ASM",
+ "-D__TRUSTY__",
],
- visibility: ["//packages/modules/Virtualization:__subpackages__"],
+ visibility: [
+ "//external/avb",
+ "//external/open-dice",
+ "//packages/modules/Virtualization:__subpackages__",
+ "//system/security/diced/open_dice",
+ ],
apex_available: ["com.android.virt"],
}
@@ -484,6 +489,16 @@
min_sdk_version: "29",
}
+cc_library_static {
+ name: "libssl_baremetal",
+ defaults: [
+ "libssl_sources",
+ "boringssl_defaults",
+ "boringssl_flags",
+ ],
+ static_libs: ["libcrypto_baremetal"],
+}
+
// Unsafe and deterministic version of libssl. For testing and fuzzing only.
// See src/FUZZING.md.
cc_test_library {
@@ -683,6 +698,31 @@
],
}
+libbssl_sys_raw_flags = [
+ // Adapted from upstream the src/rust/CMakeLists.txt file at:
+ // https://boringssl.googlesource.com/boringssl/+/refs/heads/master/rust/CMakeLists.txt
+ "--no-derive-default",
+ "--enable-function-attribute-detection",
+ "--use-core",
+ "--size_t-is-usize",
+ "--default-macro-constant-type=signed",
+ "--rustified-enum=point_conversion_form_t",
+ // These are not BoringSSL symbols, they are from glibc
+ // and are not relevant to the build besides throwing warnings
+ // about their 'long double' (aka u128) not being FFI safe.
+ // We block those functions so that the build doesn't
+ // spam warnings.
+ //
+ // https://github.com/rust-lang/rust-bindgen/issues/1549 describes the current problem
+ // and other folks' solutions.
+ "--blocklist-function=strtold",
+ "--blocklist-function=qecvt",
+ "--blocklist-function=qecvt_r",
+ "--blocklist-function=qgcvt",
+ "--blocklist-function=qfcvt",
+ "--blocklist-function=qfcvt_r",
+]
+
// Rust bindings
rust_bindgen {
name: "libbssl_sys_raw",
@@ -691,30 +731,7 @@
host_supported: true,
wrapper_src: "src/rust/wrapper.h",
vendor_available: true,
- bindgen_flags: [
- // Adapted from upstream the src/rust/CMakeLists.txt file at:
- // https://boringssl.googlesource.com/boringssl/+/refs/heads/master/rust/CMakeLists.txt
- "--no-derive-default",
- "--enable-function-attribute-detection",
- "--use-core",
- "--size_t-is-usize",
- "--default-macro-constant-type=signed",
- "--rustified-enum=point_conversion_form_t",
- // These are not BoringSSL symbols, they are from glibc
- // and are not relevant to the build besides throwing warnings
- // about their 'long double' (aka u128) not being FFI safe.
- // We block those functions so that the build doesn't
- // spam warnings.
- //
- // https://github.com/rust-lang/rust-bindgen/issues/1549 describes the current problem
- // and other folks' solutions.
- "--blocklist-function=strtold",
- "--blocklist-function=qecvt",
- "--blocklist-function=qecvt_r",
- "--blocklist-function=qgcvt",
- "--blocklist-function=qfcvt",
- "--blocklist-function=qfcvt_r",
- ],
+ bindgen_flags: libbssl_sys_raw_flags,
shared_libs: [
"libcrypto",
"libssl",
@@ -725,6 +742,21 @@
],
}
+rust_bindgen {
+ name: "libbssl_sys_raw_nostd",
+ source_stem: "bindings",
+ crate_name: "bssl_sys_raw",
+ wrapper_src: "src/rust/wrapper.h",
+ bindgen_flags: [
+ "--raw-line=#![no_std]",
+ "--ctypes-prefix=core::ffi",
+ ] + libbssl_sys_raw_flags,
+ header_libs: [
+ "libcrypto_baremetal",
+ "libssl_baremetal",
+ ],
+}
+
// Encapsulate the bindgen-generated layout tests as a test target.
rust_test {
name: "libbssl_sys_raw_test",
@@ -755,6 +787,16 @@
],
}
+cc_library_static {
+ name: "libbssl_rust_support_baremetal",
+ defaults: ["boringssl_flags"],
+ srcs: ["src/rust/rust_wrapper.c"],
+ static_libs: [
+ "libcrypto_baremetal",
+ "libssl_baremetal",
+ ],
+}
+
// Replace the upstream CMake placeholder with a re-export of all of the local bindgen output.
gensrcs {
name: "libbssl_sys_src",
@@ -774,8 +816,8 @@
// Use the modified source with placeholder replaced.
srcs: [":libbssl_sys_src"],
vendor_available: true,
- // Since libbssl_sys_raw is not publically visible, we can't
- // accidentally force a double-link by linking statically, so do so.
+ // Since libbssl_sys_raw is not publicly visible, we can't accidentally
+ // force a double-link by linking statically, so do so.
rlibs: ["libbssl_sys_raw"],
whole_static_libs: [
"libbssl_rust_support",
@@ -786,3 +828,27 @@
],
}
+gensrcs {
+ name: "libbssl_sys_src_nostd",
+ srcs: [":libbssl_sys_src"],
+ cmd: "(echo '#![no_std]' && cat $(in)) > $(out)",
+}
+
+rust_library_rlib {
+ name: "libbssl_ffi_nostd",
+ crate_name: "bssl_ffi",
+ visibility: [
+ "//packages/modules/Virtualization/pvmfw",
+ ],
+ srcs: [":libbssl_sys_src_nostd"],
+ rlibs: ["libbssl_sys_raw_nostd"],
+ prefer_rlib: true,
+ no_stdlibs: true,
+ stdlibs: [
+ "libcompiler_builtins.rust_sysroot",
+ "libcore.rust_sysroot",
+ ],
+ whole_static_libs: [
+ "libbssl_rust_support_baremetal",
+ ],
+}
diff --git a/src/crypto/fipsmodule/rand/getrandom_fillin.h b/src/crypto/fipsmodule/rand/getrandom_fillin.h
index 9871854..c0dea35 100644
--- a/src/crypto/fipsmodule/rand/getrandom_fillin.h
+++ b/src/crypto/fipsmodule/rand/getrandom_fillin.h
@@ -32,6 +32,8 @@
#define EXPECTED_NR_getrandom 384
#elif defined(OPENSSL_PPC64LE)
#define EXPECTED_NR_getrandom 359
+#elif defined(OPENSSL_RISCV64)
+#define EXPECTED_NR_getrandom 278
#endif
#if defined(EXPECTED_NR_getrandom)
diff --git a/src/include/openssl/base.h b/src/include/openssl/base.h
index c2c953b..83dbcc9 100644
--- a/src/include/openssl/base.h
+++ b/src/include/openssl/base.h
@@ -107,6 +107,7 @@
#define OPENSSL_MIPS64
#elif defined(__riscv) && __SIZEOF_POINTER__ == 8
#define OPENSSL_64_BIT
+#define OPENSSL_RISCV64
#elif defined(__riscv) && __SIZEOF_POINTER__ == 4
#define OPENSSL_32_BIT
#elif defined(__pnacl__)
